jmolhava
asked on
Why can't I connect externally to VPN on one network, but I can with two others?
Hi,
*WORKS* I have set up a VPN server on a Windows 2003 server (std) by following the RRAS wizard, allowing access for a user, and then forwarding port (on the router) 1723 TCP to the server's internal IP. It works just fine. This has one network port and the router is a Linksys. It has both port-forwarding of 1723 to the server and PPTP passthrough enabled.
*WORKS* I did this same thing on another WIndows 2003 server SBS netowork and it works also. This one has one network port and a Microsoft MN-700 router. It has port forwarding enabled for 1723 TCP to the server. (PPTP pass-through is not mentioned in the config screens)
*DOES NOT WORK!* I tried the same thing on a another Windows SBS 2003 server (a third network) and I can not connect. It gets to "Verifying username and password" then says "error 721. the remote computer did not respond". This server also has one network port and has a D-Link DI-614+ router. I tried both TCP 1723 and UDP 500 forwarding to the server.
Thanks for your help.
*WORKS* I have set up a VPN server on a Windows 2003 server (std) by following the RRAS wizard, allowing access for a user, and then forwarding port (on the router) 1723 TCP to the server's internal IP. It works just fine. This has one network port and the router is a Linksys. It has both port-forwarding of 1723 to the server and PPTP passthrough enabled.
*WORKS* I did this same thing on another WIndows 2003 server SBS netowork and it works also. This one has one network port and a Microsoft MN-700 router. It has port forwarding enabled for 1723 TCP to the server. (PPTP pass-through is not mentioned in the config screens)
*DOES NOT WORK!* I tried the same thing on a another Windows SBS 2003 server (a third network) and I can not connect. It gets to "Verifying username and password" then says "error 721. the remote computer did not respond". This server also has one network port and has a D-Link DI-614+ router. I tried both TCP 1723 and UDP 500 forwarding to the server.
Thanks for your help.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
tigermatt
However (with reference to my previous post) it does say here http://www.dlink.com.sg/products/?pid=20 that it is capable of concurrent PPTP VPN connections. Perhaps there's a check box somewhere to tick to allow PPTP passthrough? If not, just try and see if GRE protocol 47 can be forwarded in the NAT port forwarding settings.
ASKER
I looked into the info you mentioned and also the D-Link page. It's also good to know what the GRE 47 actually does... never really knew other than it was needed.
From the D-Link page: They seem to have a specific way to enable the GRE protocol (just not as obvious as on the other two routers). I will try it later today and post back with the results.
From the D-Link page: They seem to have a specific way to enable the GRE protocol (just not as obvious as on the other two routers). I will try it later today and post back with the results.
ASKER
OK that did it. It works now. Thanks for the tip off with GRE and the router settings. I guess every router kinda has their own way to do it.
ASKER
One more thought in case anyone else has this same router:
D-Link DI-614+
See the knowledge base on their website and look at the PPTP VPN connection instructions. The GRE entry will show up only if you add the PPTP 1723 entry in 'Virtual Server'. I also had to reset the router in order for it to take effect (apply was not enough).
http://support.dlink.com/SupportFAQ/default.asp?model=DI%2D614%2B
D-Link DI-614+
See the knowledge base on their website and look at the PPTP VPN connection instructions. The GRE entry will show up only if you add the PPTP 1723 entry in 'Virtual Server'. I also had to reset the router in order for it to take effect (apply was not enough).
http://support.dlink.com/SupportFAQ/default.asp?model=DI%2D614%2B
That's often the case - the less advanced routers are probably preconfigured to do it for you. At least it works now!